Advertisement

Powered by Squarespace
Popular Categories
Blog Posts
Discussion Activity
Cisco Live 365

Blog (Broadcast)

Home > Blog

Broadcasting news, tips, and troubleshooting on networking technologies.

 

 

Tuesday
Mar272012

S4 - Super Simple Storage Service: One-ups Amazon's AWS S3

The Super Simple Storage Service (S4) is a new innovation in cloud storage. Our advanced write-only storage provides the highest security, lowest cost, and simplest management available.

Read all about it at S4 - Super Simple Storage Service.

20120327.1

cwebbot407-408 (cws) are active now.
Saturday
Mar242012

Cisco ASA/PIX Equal Cost Load Balancing (ECLB) Routing

With an active/standby pair of Cisco ASA/PIX firewalls, feeding into two Internet edge routers with limited bandwidth over two separate DIA (Direct Internet Access) circuits, the firewalls can be configured to do Equal Cost Load Balancing (ECLB) as known on the Cisco PIX or Equal Cost Multiple Path (ECMP) on the ASA with the default route so both routers and circuits are used.

If HSRP is protecting the default gateway to the routers and the firewall uses static routing to the standby VIP (virtual IP) address, only one of the two routers would actually be used.  Some routers support GLBP (Global Load Balancing Protocol) to make the VIP active/active on both routers, but GLBP responds to ARP (Address Resolution Protocol) requests by using alternating between multiple virtual MAC addresses in the responses.  GLBP would not yield load balancing with a single firewall of a redundant active/standby pair since the firewall would only receive and use one of the virtual MAC addresses.  You would think GLPB might be an option with active/active firewalls, but the chance of both firewalls getting the same MAC address and funnelling all traffic through a single router is high with the default round-robin algorithm and with other devices using the same GLBP VIP in the VLAN.

Click to read more ...

Wednesday
Feb082012

Restricted Active Directory Accounts with Cisco VPN 3000 Concentrator 

Let’s pretend the couple of hours spent troubleshooting why an otherwise valid Microsoft Windows Active Directory (2003) account wouldn’t authenticate to a Cisco VPN 3000 Concentrator never happened.   The VPN 3000 Concentrator log showed the IKE/167 event below which only hints to a username or password issue, and it definitely didn’t seem like there should be any issue with the username (triple-checked) nor the password (quadruple-checked).

Click to read more ...

Saturday
Jan212012

ICS comes with Cisco VPN compatibility [finally]

After upgrading my Xoom WiFi from Google’s Androide Honeycomb tablet OS to Ice Cream Sandwich 4.0.3 (ICS IML77), a functional Cisco-compatible VPN no longer eludes me.  I’ve got Cisco VPN3005s deployed — yes, they are EOL (end of life) — and read in the past how the 3005 would never work with Android.

My intial attempt of VPN with ICS looked promising, but was short-lived.  After quickly configuring an IPSec/PSK connection with the IPSec Identifier left at default which reads “not used”, I connected to the Base Group with a default IPSec group password set.  I saw from logs that ICS was trying to connect to connect to the VPNC_Base_Group which turns out to be the internal name of the Base Group, but then I’d get a user password error associated with the group name.

Click to read more ...

Monday
Jan092012

The gloomy side of Clouds

With all the infatuation (and mostly well-deserved I will add) to Cloud computing, a gloomy side of Clouds — no pun is safe here — is on the horizon.  When troubleshooting networking issues, source IP addresses often need to be tracked down to their rightful (and/or abusive) owner. 

Enter the Cloud, and now you’re chasing source IPs that come and go as quickly as a cloud dissipates on a hot day.  Forget DNS reverse lookups, as you’ll gain no additional knowledge that what you already had from a whois with ARIN.net.

Click to read more ...

Page 1 ... 1 2 3 4